Organizations of all types and sizes have been rocked by security breaches and other cyber attacks, including large corporations (Merck, Maersk, and FedEx), government agencies, and even a credit reporting bureau (Equifax). And given the growing threat from botnets, malware, ransomware, worms, and nefarious hackers, companies need an organized method for assessing and addressing cybersecurity risks.

Cybersecurity is the technologies, processes, and practices designed to protect networks, computer, programs, and data from attack, damage, or unauthorized access. A cybersecurity risk assessment identifies the gaps in an organization’s critical risk areas and determines actions to close them. The evaluation typically involves considering the primary type of information being handled-whether Social Security numbers, credit or debit card numbers, patient records, industrial control system data, designs or human resources data-and then making a priority list of what needs to be protected.